esx authentication client profiles: summary
summary
The structure contains a summary from the list of existing esx.authentication.client_profiles. It includes a client profile identifier, the subject type, and the details of the subject: local user, external user or external group.
Representation:
{
"grants" : [
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
},
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
],
"subject" : {
"privileges" : {
"<string>" : [
"string",
"string"
]
},
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
},
"client_profile" : "obj-103",
"summary_type" : "FULL"
}
{
"grants" : [
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
},
{
"resource_type" : "ENTITLEMENT",
"entitlement" : "IDENTITY_MGMT"
}
],
"subject" : {
"privileges" : [
{
"value" : [
"string",
"string"
],
"key" : "string"
}
],
"domain" : "string",
"name" : "string",
"issuer_alias" : "obj-103",
"type" : "LOCAL_USER"
},
"client_profile" : "obj-103",
"summary_type" : "FULL"
}
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
-.summary_type | string | Defines the verbosity of the summary. Defines the types of esx.authentication.client_profiles.summary members to return from the list method. The profile information could include the access grants or be a shorter summary. Value is one of: FULL: The full profile information, including access grants. NORMAL: A summary containing only the profile identifier and the subject information. BRIEF: A brief summary, containing only the profile identifier. |
-.subject.type | string | Subject type. Defines the types of subject matching that a client profile is associated with. Value is one of: LOCAL_USER: A local user. EXTERNAL_GROUP: A group from an external source. EXTERNAL_USER: A user from an external source. PRIVILEGES: Privilege specifications. |
-.subject.privileges.* | string[] | |
Optional | ||
-.client_profile | string | Client profile identifier. This field is optional and it is only relevant when the value of summary_type is one of BRIEF, NORMAL, or FULL. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. |
-.subject | subject | The subject of the profile. This field is optional and it is only relevant when the value of summary_type is one of NORMAL or FULL. |
-.subject.name | string | The user or group name. This field is optional and it is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER. |
-.subject.issuer_alias | string | The alias of the security token issuer that created and signed the security token. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP, EXTERNAL_USER, or PRIVILEGES. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
-.subject.domain | string | Domain of the principal. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. |
-.subject.privileges | object | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows: "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... }. Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. This field is optional and it is only relevant when the value of type is PRIVILEGES. Object with element values of type string[]. |
-.grants | access_grant[] | Access grants. When the list is empty, the matching subjects don't receive grants from this client profile, but will receive grants from other matching ClientProfiles. This field is optional and it is only relevant when the value of summary_type is FULL. |
Attributes:
Name | Type | Description |
---|---|---|
Required | ||
summary_type | string | Defines the verbosity of the summary. Defines the types of esx.authentication.client_profiles.summary members to return from the list method. The profile information could include the access grants or be a shorter summary. Value is one of: FULL: The full profile information, including access grants. NORMAL: A summary containing only the profile identifier and the subject information. BRIEF: A brief summary, containing only the profile identifier. |
subject.type | string | Subject type. Defines the types of subject matching that a client profile is associated with. Value is one of: LOCAL_USER: A local user. EXTERNAL_GROUP: A group from an external source. EXTERNAL_USER: A user from an external source. PRIVILEGES: Privilege specifications. |
subject.privileges[].key | string | |
subject.privileges[].value | string[] | |
Optional | ||
client_profile | string | Client profile identifier. This field is optional and it is only relevant when the value of summary_type is one of BRIEF, NORMAL, or FULL. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. |
subject | subject | The subject of the profile. This field is optional and it is only relevant when the value of summary_type is one of NORMAL or FULL. |
subject.name | string | The user or group name. This field is optional and it is only relevant when the value of type is one of LOCAL_USER, EXTERNAL_GROUP, or EXTERNAL_USER. |
subject.issuer_alias | string | The alias of the security token issuer that created and signed the security token. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP, EXTERNAL_USER, or PRIVILEGES. When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. |
subject.domain | string | Domain of the principal. This field is optional and it is only relevant when the value of type is one of EXTERNAL_GROUP or EXTERNAL_USER. |
subject.privileges | list | Scope privilege mapping. The token issuer may provide a map of scopes and the authenticated user's privilege list on those scopes. Doing so allows a higher layer authorization scheme to be partly mapped into one or more esx.authentication.client_profiles. The token issuer must represent this mapping as a 'privs' claim. Encoded in JSON the claim would appear as follows: "privs": { "scope1": [ "priv1", "priv2", ...], "scope2": [ "priv1", "priv3", ...], ... }. Note that this does not specify a subject directly, but rather a set of subjects who have some privilege on an entity. This field is optional and it is only relevant when the value of type is PRIVILEGES. List of {"key": string, "value": string[]}. |
grants | access_grant[] | Access grants. When the list is empty, the matching subjects don't receive grants from this client profile, but will receive grants from other matching ClientProfiles. This field is optional and it is only relevant when the value of summary_type is FULL. |
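When reviewing client profiles during an access audit, the relevance rules in the attribute tables above can be checked mechanically. The following is an added example, not VMware code: `normalize_privileges` and `review_summary` are hypothetical helper names, and the sample summary (profile id, user name, domain) is constructed.

```python
import json

# Relevance rules transcribed from the attribute tables on this page.
SUMMARY_FIELDS = {"client_profile": {"BRIEF", "NORMAL", "FULL"},
                  "subject": {"NORMAL", "FULL"},
                  "grants": {"FULL"}}
SUBJECT_FIELDS = {"name": {"LOCAL_USER", "EXTERNAL_GROUP", "EXTERNAL_USER"},
                  "issuer_alias": {"EXTERNAL_GROUP", "EXTERNAL_USER", "PRIVILEGES"},
                  "domain": {"EXTERNAL_GROUP", "EXTERNAL_USER"},
                  "privileges": {"PRIVILEGES"}}
SUBJECT_TYPES = {"LOCAL_USER", "EXTERNAL_GROUP", "EXTERNAL_USER", "PRIVILEGES"}

def normalize_privileges(privs):
    """Accept either encoding shown on this page; return {scope: [priv, ...]}."""
    if isinstance(privs, list):          # [{"key": scope, "value": [...]}, ...]
        return {e["key"]: list(e["value"]) for e in privs}
    return {k: list(v) for k, v in (privs or {}).items()}   # {"scope": [...]}

def review_summary(summary):
    """Hypothetical helper: list fields that are set although not relevant."""
    stype = summary.get("summary_type")
    if stype not in {"FULL", "NORMAL", "BRIEF"}:
        return [f"unknown summary_type {stype!r}"]
    findings = [f"{f} is set but not relevant for summary_type {stype}"
                for f, ok in SUMMARY_FIELDS.items() if f in summary and stype not in ok]
    if stype == "FULL" and summary.get("grants") == []:
        findings.append("grants is empty: matching subjects receive no grants from this profile")
    subject = summary.get("subject")
    if isinstance(subject, dict) and stype in SUMMARY_FIELDS["subject"]:
        kind = subject.get("type")
        if kind not in SUBJECT_TYPES:
            return findings + [f"unknown subject.type {kind!r}"]
        for f, ok in SUBJECT_FIELDS.items():
            value = normalize_privileges(subject.get(f)) if f == "privileges" else subject.get(f)
            if value and kind not in ok:
                findings.append(f"subject.{f} is set but not relevant for type {kind}")
    return findings

# Constructed sample in the list-of-key/value encoding (all values are made up).
SAMPLE = json.loads("""{
  "summary_type": "FULL", "client_profile": "profile-1", "grants": [],
  "subject": {"type": "LOCAL_USER", "name": "svc-backup", "domain": "example.test",
              "privileges": [{"key": "scope1", "value": ["priv1", "priv2"]}]}
}""")

if __name__ == "__main__":
    for line in review_summary(SAMPLE):
        print(line)
```

A finding here means a field is populated where the tables say it has no effect, which in a review usually points to a profile whose intended subject type differs from the configured one.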